AARO’s 2023 Whistleblower Portal: UAP Insiders Can Now Report Safely

You’re sitting on something you can’t unsee: a sensor track that didn’t behave like any platform you’ve worked, a briefing that used phrasing uncommon in routine programs, maybe even secondhand talk about “non-human intelligence” that came from people with real access. The problem isn’t curiosity. It’s the squeeze you’re in. If you stay quiet, you watch the public conversation spiral into “UFO rumors” while the people who actually touched the data stay invisible. If you speak up the wrong way, you risk your clearance, your job, and stepping on classification tripwires that don’t care about your intentions. And even if you thread that needle, you still get treated like you’re chasing a story instead of reporting a record.

You’re really deciding between two bad options: leak into the chaos, or keep it locked down and hope someone else carries the weight. That’s exactly why AARO’s 2023 whistleblower portal matters. It changes the incentives by giving you a formal lane that’s built around credibility and documentation, not virality. It’s not a promise of public disclosure, and it’s not a shortcut to getting “the truth” on the front page. It’s a way to put what you know into a process that can be evaluated, tracked, and acted on without turning you into the story. The tradeoff this resolves is simple: credibility and safety versus speed and secrecy.

The timing isn’t accidental. AARO was established on July 15, 2022 (AARO – About; see also the DNI’s 2022 Annual Report on Unidentified Aerial Phenomena for context on analytic responsibilities and organizational roles: DNI 2022 UAP Annual Report (PDF)), and the DNI’s unclassified 2022 Annual Report on Unidentified Aerial Phenomena explicitly points to that establishment and the analytic process AARO is supposed to apply, which tells you this was built to be an intake-and-analysis machine, not just a PR mailbox. Pressure kept climbing anyway, with ongoing UFO disclosure and UAP disclosure demands getting amplified by nonstop UFO news and UAP news scrutiny, and by 2023 the portal became the credibility-first door insiders had been missing. Then AARO produced a Historical Record Report (Volume I) carrying a document file date of March 8, 2024 (AARO Historical Record Report (Volume I)), a concrete marker that the office is generating formal outputs that live inside oversight timelines, not just online debates. By the end, you’ll be able to decide what the portal actually is, how the legal and oversight backdrop shapes what happens after you submit, what “safe reporting” looks like in practice, and how to file something that reads like evidence instead of a rumor.

What the AARO Portal Actually Is

This portal is built to collect actionable, investigation-ready information, not to host public UFO stories or promise “alien disclosure.” If you’re picturing a public confessional where anyone can post a sighting and watch it go viral, you’ll be disappointed. If you’re expecting a black hole where nothing is taken seriously, you’ll miss what it’s actually designed to do: turn specific claims into checkable leads.

The difference is verifiability. AARO isn’t trying to “platform” narratives. It’s trying to assemble enough detail to test them: who knew what, when they knew it, what system or program they’re talking about, and what documentation or witnesses could confirm it. That investigative posture is also why a lot of the most useful submissions won’t read like a dramatic story. They’ll read like a clean lead: names of offices, contract vehicles, program nicknames, dates, locations, system logs, or a trail that points to records someone can legally pull and authenticate.

AARO stands for the All-domain Anomaly Resolution Office, and Congress established AARO to investigate what hazards or threats UAP might present across service, regional, and domain boundaries, which is why the portal is tuned for cross-cutting, operationally relevant details rather than curiosity-driven anecdotes. AARO’s stated mission is to minimize technical and intelligence surprise by synchronizing identification, attribution, and mitigation of UAP, and that mission shapes what “helpful” looks like: information that lets analysts identify what something is, attribute it to a source or cause, and mitigate any risk it poses (AARO – About).

In practice, that pushes the portal toward submissions that can survive basic investigative stress tests. Public AARO reporting indicates the office has examined claims to determine whether reported programs or records existed and to establish provenance, which suggests the bar they’re working to: they are validating existence, scope, access, and documentation paths rather than simply collecting anecdotes (AARO Historical Record Report (Volume I)). If your information can’t be cross-checked against records, authorities, or other witnesses, it’s harder to move from allegation to finding.

In this context, unidentified anomalous phenomena (UAP) means observations or incidents that remain unidentified after initial review, especially when they involve ambiguity across operating environments, like air, maritime, space, or something that appears to move between them. The government uses “UAP” because the reporting problem is bigger than a single label: the same incident can touch multiple sensors, multiple commands, and multiple domains, and the term keeps the focus on unresolved identification and operational impact.

That all-domain framing changes what details matter. “It was weird” doesn’t help much on its own. “It was tracked by X radar, correlated with Y electro-optical feed, and briefed through Z chain” is the kind of structure investigators can chase. Even if you don’t have raw data in hand, knowing what systems captured it, who maintained those systems, and where the reporting went gives AARO a route to validate the claim without relying on your memory alone.

If you’re thinking of submitting, the portal is best suited for information that points to something AARO can actually investigate: firsthand accounts from people who directly observed an incident; program awareness from people who encountered UAP-related tasking, collection, analysis, or briefings; and documentation leads, meaning you can identify reports, ticketing systems, repositories, contracts, or office processes where records should exist. The common thread is specificity that can be cross-checked, not your certainty about what the phenomenon “really” was.

What it’s not: it’s not a public posting board, it’s not a guarantee your submission will be declassified, and it’s not a place to paste classified information into an unclassified form. If your knowledge is tied up in controlled material, treat that as a boundary, not a challenge. Classified material has to be handled through authorized channels, and the portal’s value is often in helping investigators find the right place to look, not in you uploading sensitive content.

A simple way to think about “investigation-ready” is provenance: investigators care about where a claim came from and how it was handled. In plain English, the more you can clarify what you saw or learned, how you learned it, and what records or people could independently confirm it, the more usable your submission becomes.

Land here: if what you have is a verifiable lead, firsthand knowledge, or a map to documentation, you’re in the portal’s lane. If what you have is a public story, a demand for disclosure, or material that belongs in a classified pipeline, the portal isn’t built for that, and treating it like it is will slow down the exact kind of verification you want to see happen.

That focus on verifiable, documentable leads also explains why the portal sits so tightly inside the broader oversight fight around UAP. To understand what happens after you submit, you need the legal and political backdrop that’s shaping the intake pressure.

The Laws and Politics Behind It

If you’re trying to read UAP headlines, the key is whether you’re looking at enacted oversight or proposed disclosure. The AARO portal doesn’t exist in a vacuum. It sits inside a pressure system where Congress is actively watching how UAP-related information gets collected, reviewed, and sometimes released.

Here’s the practical reason oversight matters: Congress can require executive-branch components to send specific information on a recurring basis, in specific formats, on specific timelines. Those statutory reporting requirements are a management lever, not a press release. They create internal demand for intake channels, standardized records, and auditable process because someone ultimately has to answer for what was collected, how it was evaluated, and what did or did not make it into a report to lawmakers.

The complication is that “oversight” doesn’t automatically mean “everything becomes public.” Oversight changes incentives inside government first. It pushes work into formal pathways, forces documentation, and increases scrutiny. Public-facing detail is a separate question that depends on classification, sources and methods, and what Congress can actually compel to be released.

The portal is one input channel in that ecosystem. For insiders, that’s the point: if the Hill wants structured answers, the executive branch needs structured intake.

Enacted oversight is the stuff that behaves like plumbing. Once reporting requirements are written into law, agencies have to operationalize them: define who collects what, set deadlines, and figure out how to validate claims. Policy guides on federal reporting requirements exist for a reason: the hard part is not writing “submit a report,” it’s building the repeatable workflow that can survive audits, staff turnover, and classification rules.

Proposed disclosure is different. Proposals signal where some lawmakers want to push the system, but proposals do not change anyone’s legal obligations until they pass and are signed. The nuance that trips people up is that a proposal can dominate the news cycle, shape talking points, and still have zero immediate effect on what gets declassified next week.

The takeaway you can actually use: treat enacted items as operational pressure (process, documentation, timelines). Treat proposed items as directional pressure (where the debate is trying to go), not as a promised release schedule.

The name you’ll hear most is the Schumer-Rounds proposal. The Schumer-Rounds proposal is titled the Unidentified Anomalous Phenomena (UAP) Disclosure Act of 2023 and was introduced in the 118th Congress; Senate text appears as a division in S.2226 and a House bill title is recorded on H.R.2670. People reference it because it’s framed as a dedicated disclosure framework rather than a generic “write a report” requirement.

The friction is that “disclosure framework” gets interpreted as “immediate disclosure.” In reality, proposals like this are about building a process that can review records and decide what can be released and when, not about skipping the review step entirely. Even the most aggressive-sounding legislative concepts still have to collide with classification rules and institutional risk tolerance.

Another idea that keeps coming up is the Burlison-style time limit. A proposed amendment associated with Rep. Eric Burlison would require public disclosure of UAP records within 25 years unless the President certifies a national security reason for delay. That’s a clean mental model because it’s a clock: disclose by default, delay only with an explicit certification.

The practical implication is straightforward. If policymakers are talking in terms of deadlines and certifications, insiders should expect higher demand for complete files, provenance, and clear rationales. If you’re going to argue a record should stay withheld, you need the paperwork to support that position.

Personnel and procedure matter here, not personalities. The House Oversight and Accountability Committee and its members can create attention, compel testimony in certain contexts, and force agencies to answer questions on the record. That changes behavior inside the system, even when nothing is instantly declassified.

Rep. Anna Paulina Luna, as Chairwoman of the Task Force on the Declassification of Federal Secrets, announced a hearing on transparency relating to UAP; members including Reps. Burchett, Burlison, Luna, and Moskowitz have discussed House Oversight UAP hearing activity. That mix matters because it signals sustained interest across a small cluster of members who keep returning to the topic in an oversight setting.

The complication: hearings are not a magic key for classified material. A hearing can spotlight inconsistencies, ask for records, and elevate a dispute into a must-answer issue for agencies. It can’t unilaterally rewrite classification rules, and it can’t force public release of everything discussed in closed settings.

So what should you expect if you’re an insider thinking about the portal? More formal pathways, more scrutiny, and more demand for documentation that holds up. A complete chain of custody is what prevents predictable legal and evidentiary challenges, and that same logic applies to internal credibility: claims that come with documents, dates, and traceable handling move farther than stories that can’t be pinned down.

For the public, the model is equally simple: more oversight usually means more headlines, but not necessarily more details. When the next big UAP news item drops, ask three questions before you refresh your feed: Is it enacted or proposed? Is it oversight or disclosure? And does it change what agencies must do, or only what they’re being urged to do?

All of that explains why the portal exists and why it’s being taken seriously inside the system. It doesn’t, by itself, answer the question an insider cares about most: what “safe” reporting actually looks like when jobs, clearances, and classification are on the line.

Safety, Anonymity, and Real Protections

Real safety comes from the channel you use, not from staying quiet or going public. When people say “safe reporting,” they’re usually talking about authorized pathways that can trigger formal anti-retaliation protections if you’re punished for speaking up. They’re not talking about a magic guarantee that “nobody will ever know it was you,” and they’re definitely not talking about permission to share sensitive material anywhere you feel like.

In this context, a whistleblower is simply someone who reports wrongdoing or a serious concern they learned through their work, and a protected disclosure is a report made through the kinds of channels the law recognizes, about the kinds of problems the law covers (illegality, gross waste, abuse of authority, substantial danger to public safety, and similar categories depending on your role). The practical point: if your goal is protection, you want your report to qualify as a protected disclosure, not to “force disclosure” by pushing information into the open.

The Whistleblower Protection Act of 1989 protects most federal civil service employees who make protected disclosures, and it’s built as an anti-retaliation framework. In plain English: the core legal promise is “you can’t be punished for reporting through the right lanes,” not “your identity will never surface.”

Here’s what people mean when they say “anonymous,” and why it’s often not that simple. Anonymity means the system never learns who you are. Confidentiality means the system may know who you are, but limits who can see it and how it’s used. In real government reporting, confidentiality is the more realistic aim, and even then it’s not absolute. Investigations create trails: emails, case numbers, interview notes, and follow-ups. Those records can be tightly controlled and still exist.

That’s also where the Privacy Act shapes expectations. Privacy Act basics: individuals generally have rights to see and request amendment of records about themselves, subject to exemptions. So yes, records about you can exist, and yes, there are rights and limits that can affect who sees what and when. If you’re trying to plan for “no paper trail,” that’s not how official reporting works.

Classified information is the big constraint that trips people up. Whistleblower protections don’t equal permission to disclose classified material improperly. The whole system is designed around “report it safely inside authorized lanes,” not “post it on an unclassified website and hope the whistleblower label protects you.”

This is where an Inspector General (IG) matters. An IG is an independent oversight office inside an agency or department that investigates allegations of wrongdoing, and IG channels exist precisely because some complaints require controlled handling, including secure intake when sensitive material is involved.

DoD IG guidance is blunt on this point: the public (unclassified) DoD Hotline web page must not be used to submit classified complaints. Classified submissions require using classified channels, and DoD provides a Hotline phone number for guidance on filing classified complaints (DoD IG Hotline). Treat that as a safety rail. If there’s any chance what you’re holding is classified, stop and get routed the right way before you transmit anything.

Different roles have different coverage and reporting pathways. Federal civil service employees should consider the Office of Special Counsel for questions about Whistleblower Protection Act coverage and remedies (U.S. Office of Special Counsel). Uniformed service members have statutory protections under the Military Whistleblower Protection framework and often route complaints through DoD IG channels that handle military-specific processes (DoD IG Hotline). Intelligence community personnel generally use the Intelligence Community Inspector General (ICIG) protected disclosure channels, which include special handling for classified and sensitive matters (ICIG – How to Report). Contractors have more limited statutory protections in many contexts; they can submit complaints to agency IGs and, in some cases, to OSC or other legal mechanisms, but contractor protections are more constrained than those for federal civil service employees and military members. When in doubt, consult the specific IG or OSC guidance for your employment category before transmitting sensitive material.

People usually talk about three lanes. One is the AARO reporting portal (a structured intake for UAP-related reports). Another is an IG channel, which is often the right fit when you need formal oversight intake and, where applicable, secure handling. A third is Congress, where certain lawful communications are protected, but the same reality still applies: classification rules follow the information, not your intent.

If you only remember one thing: don’t submit classified complaints through public or unclassified web intake. Use authorized channels and get guidance first, including the DoD Hotline at 1-800-424-9098 and the DoD IG Hotline web page (DoD IG Hotline). Your safest posture is to aim for a protected disclosure through the right lane, not a public disclosure that creates new risk for you and for the information itself.

Once you’re clear on the lane you should use, the next lever you control is how your information is packaged. That’s where most submissions either become actionable-or stall out.

How to File a Credible Report

Credibility is built, not claimed. Your report can show its work. The fastest way to be taken seriously is a submission that reads like it can be investigated: a clear timeline, specific access context, and evidence handled responsibly. AARO’s published guidance lists a UAP-event description or narrative as necessary information for UAP analyses, so treat your write-up like the opening section of a case file, not a forum post (AARO – How to Report).

The friction is that lots of UAP reports die on contact because they’re vague (“sometime last spring”), purely secondhand (“I heard from a guy”), or stuffed with conclusions instead of observations. Fixing that is straightforward: write what happened in chronological order, label what you personally observed versus what someone else told you, and keep speculation in its own clearly marked sentence at the end, if you include it at all.

Your goal here is cross-checking. If an investigator can’t triangulate your account against logs, schedules, and sensor records, it becomes a dead end. Some report elements are required all the time, while others are required only when an object is not in radar contact. That’s why “context” is not fluff: it determines which fields exist to corroborate what you saw.

1. Write a clean, chronological narrative: what you observed or learned, in order, with approximate start and end times.
2. Pin down who/what/when/where/how: date(s), local time, location (base, range, operating area), unit or office, and program name or title if you know it. If you can’t name the program, name the building, timeframe, and the system that would have logged it.
3. Describe your access context in plain terms: your role at the time, and your clearance/access level described generally (don’t paste markings). State how you came to know the information: firsthand, witnessed in person; or secondhand, briefed by X; or derived from a system you were authorized to use.
4. Capture observation and sensor context for UAP sightings: what you perceived (visual, EO/IR, radar, acoustic), vantage point (airborne/ground/ship), weather/visibility, approximate direction, duration, and any maneuvers you can describe without guessing performance numbers.
5. List corroboration targets: other witnesses (names or positions), watch floors, aircraft crews, relevant logs (radar tracks, comms recordings, maintenance tickets), and the office or system owner who would hold those records.

The catch is that “more evidence” can backfire if you handle it unsafely. DoD/IG guidance warns that unauthorized disclosure of classified information in unclassified systems or vulnerable facilities is a risk when documenting allegations. One hard rule covers most mistakes: don’t put classified information into unclassified systems. If your issue is classified, get guidance through proper channels.

So instead of attaching or copying restricted material, reference it in a way an authorized investigator can retrieve: document title, date, office of record, system name, and any case/ticket/tracking number. If you have personal notes, keep them factual and unclassified: what you saw, when you saw it, where you were, and who else was present. That preserves investigative value without turning your report into an unauthorized transfer.

Even if you never touch a physical item, adopt chain of custody thinking. Chain of custody documents each person who handles evidence and each transfer of custody. Each person handling the evidence is considered a link in the chain of custody and each link must be documented.

In practice, that means you document handling, not “collect” things you shouldn’t. Proper procedures mitigate concerns about alteration during collection and preservation, and the handoffs matter even more if an item or sample is routed to a forensic lab for expert opinion.

A simple log also supports authentication (Rule 901(a) is where chain of custody often shows up), and gaps tend to damage weight more than they automatically erase value. Here’s a clean, safe example of what you can record without grabbing materials: “14 Jan 2026, 1430L: Briefed by [position/name if permitted] in [office/building]. Referenced radar log maintained by [shop] on [system]. I did not retain copies. Point of contact for retrieval: [office].” That’s the kind of trail that holds up under scrutiny and keeps you inside the lines.

If you file that way-specific, checkable, and safely handled-you’ve done the part most people skip. What comes next is the slower, internal machinery of triage, validation, and (sometimes) referral.

What Happens After You Submit

Hitting submit is the start of a process that’s often slow, triaged, and mostly non-public, even when your information is solid. If you’re hoping for an instant headline, that’s usually not how this works. Your report goes into an operational workflow where analysts have to sort it, compare it against what they already have, and decide what deserves deeper work first.

Early handling is basically credibility and relevance triage: does the report include enough specifics to act on, does it overlap with an existing case, and does it fit AARO’s mission. Duplication is common, so a “new” report can get folded into an existing thread if it’s describing the same incident, same facility, or same personnel. If your account is actionable, you can be contacted to clarify the timeline, your access (what you personally observed versus heard secondhand), and potential corroborators like other witnesses, records custodians, or sensor operators. If the allegation clearly belongs elsewhere, it can be referred to another office with the right jurisdiction or investigative authority.

Even when work is happening, closure can take time and it doesn’t always look like closure from the outside. “As of May 31, 2024, AARO had an additional 174 cases queued for closure pending final review and the Director’s approval” is reported in AARO’s Historical Record Report (Volume I) and illustrates typical casework queuing (AARO Historical Record Report (Volume I)). And not every dramatic claim survives scrutiny: AARO’s public reporting also describes instance-level findings where items alleged to be nonterrestrial were assessed and determined to be ordinary and of terrestrial origin (see case examples summarized in the same Historical Record Report) (AARO Historical Record Report (Volume I)). Add classification and privacy review on top, and you get a hard constraint: public-facing reporting often omits sources/methods and may not resolve individual claims publicly, even if your report influences future summaries.

Measure success by whether your information is usable and safely handled, not by whether it becomes immediate UFO news.

1. Stay consistent if you’re contacted, and separate what you directly observed from what you learned later.
2. Keep your notes organized (dates, locations, names, and where supporting records might exist) so you can answer timeline and access questions cleanly.
3. Use authorized channels for any additional details or documents, especially if you work around controlled information.

Conclusion

The real shift you should take away is this: the AARO whistleblower portal rewards careful, lawful, evidence-minded reporting, not instant public disclosure. It changes incentives for insiders who have been sitting on details, but it doesn’t change the rules around classification, protected information, or how investigations are handled internally. That’s why the portal matters.

If you’ve been weighing a chaotic leak against silence, this is the third option: a formal lane built for verification.

A few reminders to keep you grounded. The portal is a formal intake lane into AARO, not a public dropbox and not a promise your information will be declassified or debated on cable news. “Safe reporting” still means using lawful channels backed by anti-retaliation concepts, while accepting the hard constraint that classification can limit what you can share and where. And credibility is still the whole game: an investigator-grade narrative, corroboration where possible, and evidence discipline. Chain-of-custody thinking supports that discipline by helping you show how information and materials were handled without creating new risk.

AARO was established July 15, 2022 (AARO – About; see DNI 2022 UAP Annual Report (PDF)), and its Historical Record Report (Volume I) file date is March 8, 2024 (AARO Historical Record Report (Volume I)). Those dates are your timeline anchors for how recent this process is and how slowly public-facing clarity can move even when internal work is active.

Top 3 next actions:

1. Write a tight, chronological account with names, dates, locations, and what you personally observed versus heard secondhand.
2. Preserve any supporting material (notes, messages, logs) and keep handling clean and documented.
3. Submit through official channels: use the AARO reporting portal/contact page (AARO – How to Report), and if you need protected disclosure pathways, use the Department of Defense Office of Inspector General and the Intelligence Community Inspector General protected disclosure resources (DoD IG Hotline, ICIG – How to Report).

Frequently Asked Questions